mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 09:10:57 +01:00
Remove some redundant double quotes
.. in sub_cipherlists() and neat_list()
This commit is contained in:
parent
6d2b42b38d
commit
6926bb330c
28
testssl.sh
28
testssl.sh
@ -2978,7 +2978,7 @@ sub_cipherlists() {
|
|||||||
local debugname="$(sed -e s'/\!/not/g' -e 's/\:/_/g' <<< "$1")"
|
local debugname="$(sed -e s'/\!/not/g' -e 's/\:/_/g' <<< "$1")"
|
||||||
local jsonID="cipherlist"
|
local jsonID="cipherlist"
|
||||||
|
|
||||||
[[ "$OPTIMAL_PROTO" == "-ssl2" ]] && proto="$OPTIMAL_PROTO"
|
[[ "$OPTIMAL_PROTO" == -ssl2 ]] && proto="$OPTIMAL_PROTO"
|
||||||
pr_bold "$3 " # to be indented equal to server preferences
|
pr_bold "$3 " # to be indented equal to server preferences
|
||||||
if [[ -n "$6" ]] || listciphers "$1" "$2" $proto; then
|
if [[ -n "$6" ]] || listciphers "$1" "$2" $proto; then
|
||||||
if [[ -z "$6" ]] || ( "$FAST" && listciphers "$1" "$2" -tls1 ); then
|
if [[ -z "$6" ]] || ( "$FAST" && listciphers "$1" "$2" -tls1 ); then
|
||||||
@ -2990,8 +2990,8 @@ sub_cipherlists() {
|
|||||||
! "$HAS_TLS13" && continue
|
! "$HAS_TLS13" && continue
|
||||||
[[ -z "$2" ]] && continue
|
[[ -z "$2" ]] && continue
|
||||||
fi
|
fi
|
||||||
! "$HAS_SSL3" && [[ "$proto" == "-ssl3" ]] && continue
|
! "$HAS_SSL3" && [[ "$proto" == -ssl3 ]] && continue
|
||||||
if [[ "$proto" != "-no_ssl2" ]]; then
|
if [[ "$proto" != -no_ssl2 ]]; then
|
||||||
"$FAST" && continue
|
"$FAST" && continue
|
||||||
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && continue
|
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && continue
|
||||||
fi
|
fi
|
||||||
@ -3005,11 +3005,11 @@ sub_cipherlists() {
|
|||||||
for proto in 04 03 02 01 00; do
|
for proto in 04 03 02 01 00; do
|
||||||
# If $cipherlist doesn't contain any TLSv1.3 ciphers, then there is
|
# If $cipherlist doesn't contain any TLSv1.3 ciphers, then there is
|
||||||
# no reason to try a TLSv1.3 ClientHello.
|
# no reason to try a TLSv1.3 ClientHello.
|
||||||
[[ "$proto" == "04" ]] && [[ ! "$6" =~ "13,0" ]] && continue
|
[[ "$proto" == 04 ]] && [[ ! "$6" =~ 13,0 ]] && continue
|
||||||
[[ $(has_server_protocol "$proto") -eq 1 ]] && continue
|
[[ $(has_server_protocol "$proto") -eq 1 ]] && continue
|
||||||
cipherlist="$(strip_inconsistent_ciphers "$proto" ", $6")"
|
cipherlist="$(strip_inconsistent_ciphers "$proto" ", $6")"
|
||||||
cipherlist="${cipherlist:2}"
|
cipherlist="${cipherlist:2}"
|
||||||
if [[ -n "$cipherlist" ]] && [[ "$cipherlist" != "00,ff" ]]; then
|
if [[ -n "$cipherlist" ]] && [[ "$cipherlist" != 00,ff ]]; then
|
||||||
tls_sockets "$proto" "$cipherlist"
|
tls_sockets "$proto" "$cipherlist"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
||||||
@ -3037,7 +3037,7 @@ sub_cipherlists() {
|
|||||||
fi
|
fi
|
||||||
if [[ $sclient_success -ne 0 ]] && $BAD_SERVER_HELLO_CIPHER; then
|
if [[ $sclient_success -ne 0 ]] && $BAD_SERVER_HELLO_CIPHER; then
|
||||||
# If server failed with a known error, raise it to the user.
|
# If server failed with a known error, raise it to the user.
|
||||||
if [[ $STARTTLS_PROTOCOL == "mysql" ]]; then
|
if [[ $STARTTLS_PROTOCOL == mysql ]]; then
|
||||||
pr_warning "SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug."
|
pr_warning "SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug."
|
||||||
fileout "${jsonID}_$5" "WARN" "SERVER_ERROR, test inconclusive due to MySQL Community Edition (yaSSL) bug."
|
fileout "${jsonID}_$5" "WARN" "SERVER_ERROR, test inconclusive due to MySQL Community Edition (yaSSL) bug."
|
||||||
else
|
else
|
||||||
@ -3108,7 +3108,7 @@ sub_cipherlists() {
|
|||||||
outln
|
outln
|
||||||
else
|
else
|
||||||
singlespaces=$(sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g' <<< "$3")
|
singlespaces=$(sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g' <<< "$3")
|
||||||
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
|
if [[ "$OPTIMAL_PROTO" == -ssl2 ]]; then
|
||||||
prln_local_problem "No $singlespaces for SSLv2 configured in $OPENSSL"
|
prln_local_problem "No $singlespaces for SSLv2 configured in $OPENSSL"
|
||||||
else
|
else
|
||||||
prln_local_problem "No $singlespaces configured in $OPENSSL"
|
prln_local_problem "No $singlespaces configured in $OPENSSL"
|
||||||
@ -3226,8 +3226,8 @@ neat_list(){
|
|||||||
enc="${4//Enc=/}"
|
enc="${4//Enc=/}"
|
||||||
# In two cases LibreSSL uses very long names for encryption algorithms
|
# In two cases LibreSSL uses very long names for encryption algorithms
|
||||||
# and doesn't include the number of bits.
|
# and doesn't include the number of bits.
|
||||||
[[ "$enc" == "ChaCha20-Poly1305" ]] && enc="CHACHA20(256)"
|
[[ "$enc" == ChaCha20-Poly1305 ]] && enc="CHACHA20(256)"
|
||||||
[[ "$enc" == "GOST-28178-89-CNT" ]] && enc="GOST(256)"
|
[[ "$enc" == GOST-28178-89-CNT ]] && enc="GOST(256)"
|
||||||
|
|
||||||
strength="${enc//\)/}" # retrieve (). first remove traling ")"
|
strength="${enc//\)/}" # retrieve (). first remove traling ")"
|
||||||
strength="${strength#*\(}" # exfiltrate (VAL
|
strength="${strength#*\(}" # exfiltrate (VAL
|
||||||
@ -3238,15 +3238,15 @@ neat_list(){
|
|||||||
|
|
||||||
[[ "$export" =~ export ]] && strength="$strength,exp"
|
[[ "$export" =~ export ]] && strength="$strength,exp"
|
||||||
|
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
||||||
|
|
||||||
if [[ "$5" != "true" ]]; then
|
if [[ "$5" != "true" ]]; then
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
[[ "$DISPLAY_CIPHERNAMES" != rfc-only ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
||||||
else
|
else
|
||||||
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
|
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
|
||||||
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
|
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
|
||||||
fi
|
fi
|
||||||
if [[ -z "$5" ]]; then
|
if [[ -z "$5" ]]; then
|
||||||
tm_out "$line"
|
tm_out "$line"
|
||||||
@ -3278,9 +3278,9 @@ neat_list(){
|
|||||||
fi
|
fi
|
||||||
out "$what_dh"
|
out "$what_dh"
|
||||||
if [[ -n "$bits" ]]; then
|
if [[ -n "$bits" ]]; then
|
||||||
if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]]; then
|
if [[ $what_dh == DH ]] || [[ $what_dh == EDH ]]; then
|
||||||
pr_dh_quality "$bits" " $bits"
|
pr_dh_quality "$bits" " $bits"
|
||||||
elif [[ $what_dh == "ECDH" ]]; then
|
elif [[ $what_dh == ECDH ]]; then
|
||||||
pr_ecdh_quality "$bits" " $bits"
|
pr_ecdh_quality "$bits" " $bits"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user